diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5758bd9dbd..2320ca27ce 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,6 +26,7 @@ jobs: runs-on: ubuntu-22.04 outputs: go_path: ${{ steps.vars.outputs.go_path }} + min_k8s_version: ${{ steps.vars.outputs.min_k8s_version }} steps: - name: Checkout Repository uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 @@ -37,7 +38,9 @@ jobs: - name: Output Variables id: vars - run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT + run: | + echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT + echo "min_k8s_version=1.23.17" >> $GITHUB_OUTPUT - name: Check if go.mod and go.sum are up to date run: go mod tidy && git diff --exit-code -- go.mod go.sum @@ -160,10 +163,61 @@ jobs: path: ${{ github.workspace }}/dist key: nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }} + build: + name: Build Image + needs: [vars, binary] + strategy: + fail-fast: false + matrix: + image: [ngf, nginx, plus] + platforms: ["linux/arm64, linux/amd64"] + uses: ./.github/workflows/build.yml + with: + image: ${{ matrix.image }} + platforms: ${{ matrix.platforms }} + permissions: + contents: read # for docker/build-push-action to read repo content + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + packages: write # for docker/build-push-action to push to GHCR + id-token: write # for docker/login to login to NGINX registry + secrets: inherit + + functional-tests: + name: Functional tests + needs: [vars, build] + strategy: + fail-fast: false + matrix: + image: [nginx, plus] + k8s-version: ["${{ needs.vars.min_k8s_version }}", "latest"] + uses: ./.github/workflows/functional.yml + with: + image: ${{ matrix.image }} + k8s-version: ${{ matrix.k8s-version }} + permissions: + contents: read + + conformance-tests: + name: Conformance tests + needs: [vars, build] + strategy: + fail-fast: false + matrix: + image: [nginx, plus] + k8s-version: ["${{ needs.vars.min_k8s_version }}", "latest"] + enable-experimental: ["true", "false"] + uses: ./.github/workflows/conformance.yml + with: + image: ${{ matrix.image }} + k8s-version: ${{ matrix.k8s-version }} + enable-experimental: ${{ matrix.enable-experimental }} + permissions: + contents: write + helm-tests: name: Helm Tests runs-on: ubuntu-22.04 - needs: [vars, binary] + needs: [vars, build] steps: - name: Checkout Repository uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 @@ -210,7 +264,6 @@ jobs: target: goreleaser load: true cache-from: type=gha,scope=ngf - cache-to: type=gha,scope=ngf,mode=max pull: true - name: Build NGINX Docker Image @@ -221,7 +274,6 @@ jobs: context: "." load: true cache-from: type=gha,scope=nginx - cache-to: type=gha,scope=nginx,mode=max pull: true build-args: | NJS_DIR=internal/mode/static/nginx/modules/src @@ -254,25 +306,6 @@ jobs: -n nginx-gateway working-directory: ${{ github.workspace }}/deploy/helm-chart - build: - name: Build Image - needs: [vars, binary] - strategy: - fail-fast: false - matrix: - image: [ngf, nginx, plus] - platforms: ["linux/arm64, linux/amd64"] - uses: ./.github/workflows/build.yml - with: - image: ${{ matrix.image }} - platforms: ${{ matrix.platforms }} - permissions: - contents: read # for docker/build-push-action to read repo content - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - packages: write # for docker/build-push-action to push to GHCR - id-token: write # for docker/login to login to NGINX registry - secrets: inherit - publish-helm: name: Package and Publish Helm Chart runs-on: ubuntu-22.04 diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index b4de38ad56..b88cd533f1 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -1,15 +1,17 @@ name: Conformance Testing on: - push: - branches: - - main - - release-* - tags: - - "v[0-9]+.[0-9]+.[0-9]+*" - pull_request: - schedule: - - cron: "0 4 * * *" # run every day at 4am UTC + workflow_call: + inputs: + image: + required: true + type: string + k8s-version: + required: true + type: string + enable-experimental: + required: true + type: string defaults: run: @@ -26,24 +28,17 @@ jobs: conformance-tests: name: Gateway Conformance Tests runs-on: ubuntu-22.04 - strategy: - matrix: - k8s-version: ["1.23.17", "latest"] - nginx-image: [nginx, nginx-plus] - enable-experimental: [true, false] permissions: contents: write # needed for uploading release artifacts steps: - name: Checkout Repository uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Setup Golang Environment - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - name: Fetch Cached Artifacts + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: - go-version: stable - - - name: Set GOPATH - run: echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV + path: ${{ github.workspace }}/dist + key: nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }} - name: Docker Buildx uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 @@ -65,7 +60,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - name=ghcr.io/nginxinc/nginx-gateway-fabric/${{ matrix.nginx-image }} + name=ghcr.io/nginxinc/nginx-gateway-fabric/${{ inputs.image }} tags: | type=semver,pattern={{version}} type=edge @@ -76,18 +71,9 @@ jobs: run: | ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} - make update-ngf-manifest${{ matrix.nginx-image == 'nginx-plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} + make update-ngf-manifest${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} working-directory: ./conformance - - name: Build binary - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - version: latest - args: build --snapshot --clean - env: - TELEMETRY_ENDPOINT: "" # disables sending telemetry - TELEMETRY_ENDPOINT_INSECURE: "false" - - name: Build NGF Docker Image uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: @@ -97,18 +83,16 @@ jobs: target: goreleaser load: true cache-from: type=gha,scope=ngf - cache-to: type=gha,scope=ngf,mode=max pull: true - name: Build NGINX Docker Image uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: - file: build/Dockerfile${{ matrix.nginx-image == 'nginx' && '.nginx' || '' }}${{ matrix.nginx-image == 'nginx-plus' && '.nginxplus' || ''}} + file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || ''}} tags: ${{ steps.nginx-meta.outputs.tags }} context: "." load: true - cache-from: type=gha,scope=${{ matrix.nginx-image }} - cache-to: type=gha,scope=${{ matrix.nginx-image }},mode=max + cache-from: type=gha,scope=${{ inputs.image }} pull: true build-args: | NJS_DIR=internal/mode/static/nginx/modules/src @@ -134,8 +118,8 @@ jobs: - name: Deploy Kubernetes id: k8s run: | - k8s_version=${{ matrix.k8s-version }} - make create-kind-cluster KIND_KUBE_CONFIG=${{ github.workspace }}/kube-${{ github.run_id }} ${{ ! contains(matrix.k8s-version, 'latest') && 'KIND_IMAGE=kindest/node:v${k8s_version}' || '' }} + k8s_version=${{ inputs.k8s-version }} + make create-kind-cluster KIND_KUBE_CONFIG=${{ github.workspace }}/kube-${{ github.run_id }} ${{ ! contains(inputs.k8s-version, 'latest') && 'KIND_IMAGE=kindest/node:v${k8s_version}' || '' }} echo "KUBECONFIG=${{ github.workspace }}/kube-${{ github.run_id }}" >> "$GITHUB_ENV" working-directory: ./conformance @@ -151,9 +135,9 @@ jobs: ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} if [ ${{ github.event_name }} == "schedule" ]; then export GW_API_VERSION=main; fi - if [ ${{ startsWith(matrix.k8s-version, '1.23') || startsWith(matrix.k8s-version, '1.24') }} == "true" ]; then export INSTALL_WEBHOOK=true; fi - if [ ${{ matrix.enable-experimental }} == "true" ]; then export ENABLE_EXPERIMENTAL=true; fi - make install-ngf-local-no-build${{ matrix.nginx-image == 'nginx-plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} + if [ ${{ startsWith(inputs.k8s-version, '1.23') || startsWith(inputs.k8s-version, '1.24') }} == "true" ]; then export INSTALL_WEBHOOK=true; fi + if [ ${{ inputs.enable-experimental }} == "true" ]; then export ENABLE_EXPERIMENTAL=true; fi + make install-ngf-local-no-build${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} working-directory: ./conformance - name: Run conformance tests @@ -165,7 +149,7 @@ jobs: working-directory: ./conformance - name: Upload profile to release - if: ${{ matrix.k8s-version == 'latest' && startsWith(github.ref, 'refs/tags/') }} + if: ${{ inputs.k8s-version == 'latest' && startsWith(github.ref, 'refs/tags/') }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: gh release upload ${{ github.ref_name }} conformance-profile.yaml diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index 214e432172..aaa9c9ba0e 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -1,22 +1,19 @@ name: Functional Testing on: - push: - branches: - - main - - release-* - tags: - - "v[0-9]+.[0-9]+.[0-9]+*" - pull_request: + workflow_call: + inputs: + image: + required: true + type: string + k8s-version: + required: true + type: string defaults: run: shell: bash -concurrency: - group: ${{ github.ref_name }}-functional - cancel-in-progress: true - permissions: contents: read @@ -24,25 +21,15 @@ jobs: functional-tests: name: Gateway Functional Tests runs-on: ubuntu-22.04 - strategy: - matrix: - k8s-version: ["1.23.17", "latest"] - nginx-image: [nginx, nginx-plus] steps: - name: Checkout Repository uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Setup Golang Environment - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - name: Fetch Cached Artifacts + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: - go-version: stable - - - name: Set GOPATH - run: echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV - - - name: Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - + path: ${{ github.workspace }}/dist + key: nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }} - name: NGF Docker meta id: ngf-meta @@ -61,22 +48,13 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - name=ghcr.io/nginxinc/nginx-gateway-fabric/${{ matrix.nginx-image }} + name=ghcr.io/nginxinc/nginx-gateway-fabric/${{ inputs.image }} tags: | type=semver,pattern={{version}} type=edge type=ref,event=pr type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }} - - name: Build binary - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - version: latest - args: build --snapshot --clean - env: - TELEMETRY_ENDPOINT: otel-collector-opentelemetry-collector.collector.svc.cluster.local:4317 - TELEMETRY_ENDPOINT_INSECURE: "true" - - name: Build NGF Docker Image uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: @@ -85,19 +63,17 @@ jobs: context: "." load: true cache-from: type=gha,scope=ngf - cache-to: type=gha,scope=ngf,mode=max pull: true target: goreleaser - name: Build NGINX Docker Image uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: - file: build/Dockerfile${{ matrix.nginx-image == 'nginx' && '.nginx' || '' }}${{ matrix.nginx-image == 'nginx-plus' && '.nginxplus' || ''}} + file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || ''}} tags: ${{ steps.nginx-meta.outputs.tags }} context: "." load: true - cache-from: type=gha,scope=${{ matrix.nginx-image }} - cache-to: type=gha,scope=${{ matrix.nginx-image }},mode=max + cache-from: type=gha,scope=${{ inputs.image }} pull: true build-args: | NJS_DIR=internal/mode/static/nginx/modules/src @@ -107,8 +83,8 @@ jobs: - name: Deploy Kubernetes id: k8s run: | - k8s_version=${{ matrix.k8s-version }} - make create-kind-cluster KIND_KUBE_CONFIG=${{ github.workspace }}/kube-${{ github.run_id }} ${{ ! contains(matrix.k8s-version, 'latest') && 'KIND_IMAGE=kindest/node:v${k8s_version}' || '' }} + k8s_version=${{ inputs.k8s-version }} + make create-kind-cluster KIND_KUBE_CONFIG=${{ github.workspace }}/kube-${{ github.run_id }} ${{ ! contains(inputs.k8s-version, 'latest') && 'KIND_IMAGE=kindest/node:v${k8s_version}' || '' }} echo "KUBECONFIG=${{ github.workspace }}/kube-${{ github.run_id }}" >> "$GITHUB_ENV" - name: Setup functional tests @@ -116,12 +92,12 @@ jobs: run: | ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} - make load-images${{ matrix.nginx-image == 'nginx-plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} + make load-images${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} working-directory: ./tests - name: Run functional telemetry tests run: | ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} - make test${{ matrix.nginx-image == 'nginx-plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GINKGO_LABEL=telemetry + make test${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GINKGO_LABEL=telemetry working-directory: ./tests diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3580b7b8f9..a440e593b0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -4,7 +4,7 @@ on: push: branches: - main - pull_request: + pull_request_target: defaults: run: